From e60b67d246ceb1a5c85a363685df2c4acbece3e7 Mon Sep 17 00:00:00 2001 From: Minio Trusted Date: Thu, 30 Jun 2022 12:57:54 -0700 Subject: [PATCH] Revert "Tighten enforcement of object retention (#14993)" This reverts commit 5e3010d4557f9e013786024ee9c2a92af2083743. This commit causes regression on object locked buckets causine delete-markers to be not created. --- cmd/bucket-handlers.go | 4 ++-- cmd/object-handlers.go | 20 +++++++++++--------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/cmd/bucket-handlers.go b/cmd/bucket-handlers.go index 565eb7b4b..1da1c1e0f 100644 --- a/cmd/bucket-handlers.go +++ b/cmd/bucket-handlers.go @@ -525,7 +525,7 @@ func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter, VersionSuspended: vc.Suspended(), } - if replicateDeletes || hasLockEnabled || !globalTierConfigMgr.Empty() { + if replicateDeletes || object.VersionID != "" && hasLockEnabled || !globalTierConfigMgr.Empty() { if !globalTierConfigMgr.Empty() && object.VersionID == "" && opts.VersionSuspended { opts.VersionID = nullVersionID } @@ -554,7 +554,7 @@ func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter, object.ReplicateDecisionStr = dsc.String() } } - if hasLockEnabled { + if object.VersionID != "" && hasLockEnabled { if apiErrCode := enforceRetentionBypassForDelete(ctx, r, bucket, object, goi, gerr); apiErrCode != ErrNone { apiErr := errorCodes.ToAPIErr(apiErrCode) deleteResults[index].errInfo = DeleteError{ diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index 924ee724d..1a69cde94 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -3458,15 +3458,17 @@ func (api objectAPIHandlers) DeleteObjectHandler(w http.ResponseWriter, r *http. writeErrorResponse(ctx, w, toAPIError(ctx, errors.New("force-delete is forbidden in a locked-enabled bucket")), r.URL) return } - apiErr = enforceRetentionBypassForDelete(ctx, r, bucket, ObjectToDelete{ - ObjectV: ObjectV{ - ObjectName: object, - VersionID: vID, - }, - }, goi, gerr) - if apiErr != ErrNone && apiErr != ErrNoSuchKey { - writeErrorResponse(ctx, w, errorCodes.ToAPIErr(apiErr), r.URL) - return + if vID != "" { + apiErr = enforceRetentionBypassForDelete(ctx, r, bucket, ObjectToDelete{ + ObjectV: ObjectV{ + ObjectName: object, + VersionID: vID, + }, + }, goi, gerr) + if apiErr != ErrNone && apiErr != ErrNoSuchKey { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(apiErr), r.URL) + return + } } }